Cyberspin

July 2025 CMMC Connect


Listen Later

In this episode, we unpack one of the most common questions in the CMMC space: What actually triggers a reassessment? From changes in CUI flow to infrastructure shifts and company acquisitions, we break down when you might need to re-certify—and what’s still awaiting clarity from the DoD.

We also share lessons learned from the field, including common missteps organizations are making in cloud environments. Misconfigured policies, inherited templates, and SSPs that don’t reflect reality are tripping up otherwise prepared teams.

Next, we take a closer look at the Shared Responsibility Model. Your External Service Provider (ESP) can’t carry the full weight of compliance. We explain what controls can be inherited, what’s shared, and where your organization is ultimately accountable.

Then we dive into key updates on 48 CFR—the rule that puts CMMC into contracts. With final review underway, we discuss what the phased rollout may look like, enforcement timelines, and how this will impact existing agreements.

Finally, don’t miss the live Q&A segment, where we tackle everything from overseas CUI control obligations to M365 scoping confusion and the new six-year evidence retention rule.

Tune in & take notes!

CMMC Connect happens every last Thursday at 1 PM ET. Register: redspin.com/events/cmmc-connect

Subscribe to Cyberspin on Apple iTunesSpotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

...more
View all episodesView all episodes
Download on the App Store

CyberspinBy Redspin


More shows like Cyberspin

View all
CyberWire Daily by N2K Networks

CyberWire Daily

1,017 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

129 Listeners

Sum IT Up: CMMC News Roundup by Summit 7

Sum IT Up: CMMC News Roundup

14 Listeners

Climbing Mount CMMC by Bobby Guerra

Climbing Mount CMMC

2 Listeners

CMMC Compliance Guide by CMMC Compliance Guide

CMMC Compliance Guide

0 Listeners